You tell me, haha 😄

DNS usually is a bit of an issue when TTL is too high and the stuff the records point to isn’t available.

Well… Afaik the AWS outage only affected a certain region. So the company could have just deployed their online service in two different regions for redundancy.

Or even better. Enable Offline Support 😐

See an example here:

Microsoft said both issues could allow attackers to execute code with elevated privileges, although there are currently no indications on how they are being exploited and how widespread these efforts may be. In the case of CVE-2025-24990, the company said it’s planning to remove the driver entirely, rather than issue a patch for a legacy third-party component.

The security defect has been described as “dangerous” by Alex Vovk, CEO and co-founder of Action1, as it’s rooted within legacy code installed by default on all Windows systems, irrespective of whether the associated hardware is present or in use.

New attack vectors are found constantly. Having no support can very likely result in a system that can be automatically breached in a few weeks to months.

As long as you don’t have a public IP on your device and are in a trusted network you should be fine. But if you use a public wifi or somehow expose a port to the internet you’re increasingly vulnerable for each day after the last security update.

Makes me wonder what problems they faced with a Client/Server architecture.

Scope creep maybe? Supporting lots of platforms can be very time consuming.

I mean. I like compiling stuff myself but when I have to update 100 tools and all are source code to be compiled, then I can’t use my pc for a whole day or so.

Where I’m from there’s certificates a company can get, that confirm a certain level of process and IT security. Also a company existing for at least 5-10 years without incidents is a “vetted” company in my books. At least anything that managed to produce a working IT system before 2021 when AI came around.

I also believe there’s a bit of bad wording going on with the original comment. Take it up with that guy, lol.

This situation would have been easily preventable with basic understanding of what they’re doing is what OP is saying. This leak is not something highly complex, it is painfully stupid on the side of the developers.

There’s a difference between a hack, where data is exposed, compared to data exposure due to negligence or ignorance on the development side.

Every day I’m struggeling

Or it gets them into a negative feedback loop since AI hardly ever tries to contradict you.

But yeah. At least they’re opening up to someone/something.

If you’re behind a conventional router they still do NAT afaik.

Per default your IPv6 address should be an internal one if it’s enabled.

Yeah, we managed to recreate that in a lab. Those old OS’s are super vulnerable.

EOL means no more security updates, which means attack vectors don’t get patched.

If you keep using a Windows installation (or any OS for that matter) that isn’t patched regularly you are very likely to be victim to some malicious actor eventually. It’s not manual hacking anymore, it’s bots scraping the whole internet exploiting known vulnerabilities completely automated.

The risk is much lower if you’re in a home network with NAT, where your PCs IP is not publicly reachable, but if you communicate with any webservices you’re still vulnerable.

As example. If you nowadays put a Windows XP machine live on the internet with a public IP, it will be compromised within minutes.

So yeah. Good call switching to Mint, but please don’t use unpatched Windows.

After lunch I feel like a 7

I use Hugo for static site generation and it makes the RSS stuff for me.

Okay, I agree, but you can’t tell me some server rooms don’t look cool af.

As I’ve said. Nextcloud is a great example of FOSS working out for a business, haha.

I guess we just have to agree to disagree then. Which is fine.

Your points are valid and thank you for detailing them for me. If I was in their shoes making others able to steal my IP, even if they’re not allowed due to licensing and having to deal with constant scrutiny of the source code are k.o.-criteria, which hinder the project and lead to potential revenue loss.

Well said.

Then that’s a moot point I guess, haha.

Still a great way to pay for Obsidian to support the development though.

It’s not just about syncing files. It’s also the fact I can edit stuff on my tablet and see the changes in almost real time on my laptop with Obsidian Sync. I believe most other solutions wouldn’t play nice with such a workflow.